Managing privacy of information during shipments

ABSTRACT

A method for managing privacy of information on a shipping label associated with a shipment is provided. The method includes receiving information associated with the shipment, generating at least two decryption keys associated with at least two pieces of information from the information, generating encrypted messages by encrypting the at least two pieces of information based on the at least two decryption keys including a first and second encrypted message encrypted based on a first and second decryption key, respectively, generating a machine-readable code including the encrypted messages, generating a shipping label including machine-readable code, and providing the first and second decryption keys based on a first and second status of the shipment, respectively.

BACKGROUND

The present invention generally relates to managing privacy ofinformation during shipments, and more particularly to managing privacyof information on a shipping label used in delivery shipments.

Shipping labels, for example used in express delivery of packages, maycontain information relevant to the shipment of a package, such as thereceiver's name, street address, phone number, etc. and/or the sender'sname, street address, phone number, etc. Such information may be printedon the shipping label as visible, readable text. During the shipment ofthe package, various personnel in the shipment chain may use suchinformation to deliver the package and such information may facilitateexpress or rapid delivery.

Shipping labels may include shipping information encoded intwo-dimensional, machine-readable codes or may include shippinginformation as ciphered text. Some or all information on the shippinglabel, such as sensitive, personal information of a receiver or sender,may nonetheless leak, e.g., to non-authorized, non-relevant personnel.

SUMMARY

According to one embodiment, a method for managing privacy ofinformation on a shipping label associated with a shipment is provided.The method may include receiving a plurality of pieces of informationassociated with the shipment, generating at least two decryption keysassociated with at least two pieces of information from the plurality ofpieces of information, generating two or more encrypted messages byencrypting the at least two pieces of information based on the at leasttwo decryption keys including a first and second encrypted messageencrypted based on a first and second decryption key, respectively,generating a machine-readable code including the two or more encryptedmessages, generating the shipping label including the machine-readablecode, and providing the first and second decryption keys based on afirst and second status of the shipment, respectively.

According to another embodiment, a computer program product for managingprivacy of information on a shipping label associated with a shipment isprovided. The computer program product may include at least one computerreadable non-transitory storage medium having computer readable programinstructions for execution by a processor. The computer readable programinstructions include instructions for receiving a plurality of pieces ofinformation associated with the shipment, generating at least twodecryption keys associated with at least two pieces of information fromthe plurality of pieces of information, generating two or more encryptedmessages by encrypting the at least two pieces of information based onthe at least two decryption keys including a first and second encryptedmessage encrypted based on a first and second decryption key,respectively, generating a machine-readable code including the two ormore encrypted messages, generating the shipping label including themachine-readable code, and providing the first and second decryptionkeys based on a first and second status of the shipment, respectively.

According to another embodiment, a computer system for managing privacyof information on a shipping label associated with a shipment isprovided. The system may include at least one processing unit, at leastone computer readable memory, at least one computer readable tangible,non-transitory storage medium, and program instructions stored on the atleast one computer readable tangible, non-transitory storage medium forexecution by the at least one processing unit via the at least onecomputer readable memory. The program instructions include instructionsfor receiving a plurality of pieces of information associated with theshipment, generating at least two decryption keys associated with atleast two pieces of information from the plurality of pieces ofinformation, generating two or more encrypted messages by encrypting theat least two pieces of information based on the at least two decryptionkeys including a first and second encrypted message encrypted based on afirst and second decryption key, respectively, generating amachine-readable code including the two or more encrypted messages,generating the shipping label including the machine-readable code, andproviding the first and second decryption keys based on a first andsecond status of the shipment, respectively.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The following detailed description, given by way of example and notintended to limit the invention solely thereto, will best be appreciatedin conjunction with the accompanying drawings, in which:

FIG. 1 illustrates an exemplary shipping label containing an exemplarymachine-readable code, according to an embodiment;

FIG. 2 is a flowchart illustrating an exemplary shipment of a package,according to an embodiment;

FIG. 3 is a flowchart illustrating a method for managing privacy ofinformation on a shipping label associated with a shipment, according toan embodiment;

FIG. 4 is a flowchart and user table illustrating an aspect of a methodfor managing privacy of information on a shipping label associated witha shipment, according to an embodiment;

FIG. 5 is a flowchart illustrating additional aspects of a method formanaging privacy of information on a shipping label associated with ashipment, according to an embodiment;

FIGS. 6A-6E illustrate exemplary graphical user interfaces associatedwith a method for managing privacy of information on a shipping labelassociated with a shipment, according to an embodiment; and

FIG. 7 is a block diagram illustrating a computing node, according to anaspect of the invention.

The drawings are not necessarily to scale. The drawings are merelyschematic representations, not intended to portray specific parametersof the invention. The drawings are intended to depict only typicalembodiments of the invention. In the drawings, like numbering representslike elements.

DETAILED DESCRIPTION

Various embodiments of the present invention will now be discussed withreference to FIGS. 1-7, like numerals being used for like andcorresponding parts of the various drawings.

According to one embodiment, provided is a method for managing privacyof information on a shipping label associated with a shipment bygenerating at least two decryption keys associated with at least twopieces of information from a plurality of pieces of informationassociated with the shipment, generating two or more encrypted messagesby encrypting the at least two pieces of information based on the atleast two decryption keys, generating a machine-readable code includingthe two or more encrypted messages, generating the shipping labelincluding the machine-readable code, and providing the at least twodecryption keys based on the status of the shipment. The two or moreencrypted messages include a first encrypted message encrypted based ona first decryption key and a second encrypted message encrypted based ona second decryption key, and the first decryption key is associated witha first status of the shipment that is different from a second status ofthe shipment associated with the second decryption key. The firstdecryption key is provided based on the first status of the shipment andthe second decryption key is provided based on the second status of theshipment.

The method, computer program products, and systems disclosed herein mayenhance the privacy and security of sensitive information on a shippinglabel (e.g., sensitive information associated with a receiver of ashipment) by separately encrypting two or more pieces of sensitiveinformation and providing decryption keys at separate times during theshipment, e.g., associated with two or more different statuses of theshipment. For example, a first piece of information (e.g., thereceiver's detailed address) may be encrypted based on a firstdecryption key, which may be provided when the status of the shipment isin a first state (e.g., when a package is being sorted at a sortingfacility) and a second piece of information (e.g., the receiver's phonenumber) may be encoded based on a second decryption key, which may beprovided when the status of the shipment is in a second state (e.g.,when a delivery person is ready to confirm the delivery time andaddress).

The method, computer program products, and systems disclosed herein mayenhance the privacy and security of sensitive information on a shippinglabel, for example, during the express delivery of packages, or when apackage is sent from one party to another party via a third party (e.g.,a delivery service).

The method, computer program products, and systems disclosed herein mayalso preserve the anonymity of a receiver and/or enhance the privacy andsecurity of the receiver's sensitive information on a shipping label, inparticular, from the sender of the package and/or non-relevant personnelat a delivery service.

FIG. 1 illustrates an exemplary shipping label 100 associated with ashipment, according to an embodiment. Shipping label 100 may includeinformation associated with the shipment, some of which may be visible,non-encrypted/non-encoded, and some of which may be encrypted andencoded in a machine-readable code (e.g., a two-dimensional,machine-readable code). In this exemplary embodiment, the visible,non-encrypted/non-encoded information may include information (e.g.,non-sensitive information) associated with the sender of the shipment,such as a nickname for the sender 101, the sender's city 102, and thesender's postal code 103, and information associated with the receiverof the shipment, such as a nickname for the receiver 151, the receiver'scity 152, and receiver's postal code 153.

The encrypted information may include sensitive information associatedwith the receiver of the shipment, such as the receiver's full name, thereceiver's detailed address, and the receiver's phone number. Thereceiver's encrypted information may be encoded in an exemplarymachine-readable code, such as two-dimensional, machine-readable code154, which may be, e.g., a quick response or QR Code™. The encryptedinformation may also include sensitive information associated with thesender of the shipment, such as the sender's full name, the sender'sdetailed address, and the sender's phone number. The sender's encryptedinformation may be encoded in an additional two-dimensional,machine-readable code 104 associated with the sender, which may be,e.g., a QR Code™. It will be appreciated that the embodiment disclosedherein describes encoding encrypted information into a two-dimensional,machine-readable code; however, the machine-readable codes disclosed andclaimed herein may include any known or contemplated machine-readablecode format that may, e.g., be printed on a shipping label, such as alinear barcodes (or one-dimensional barcodes) including universalproduct codes (“UPCs”), matrix barcodes (or two-dimensional barcodes)and the like.

Encrypted information may be encrypted by any known or contemplatedencryption methods, such as any single-key encryption algorithm (e.g.,data encryption standard (“DES”)).

FIG. 2 illustrates a first flowchart 200 depicting an exemplary shipmentof a package, according to an embodiment. At 201, a package (e.g.,affixed with shipping label 100) is obtained at the sender's city (or alocation near the sender's location). For example, the package is pickedup by an express delivery service or the sender leaves the package at afacility associated with an express delivery service (e.g., a packageintake facility). Upon an initial determination of the package'sdestination, e.g., at an initial sorting facility, the package is routedto the receiver's city (or a location near the receiver's city thatincludes a sorting facility associated with the express deliveryservice). At 202, the package arrives at the receiver's city (or alocation near the receiver's city). At 203, the package arrives at asorting facility (e.g., a second sorting facility) in or near thereceiver's city where the package is prepared for dispatching to thereceiver. It will be appreciated that the sender's city and thereceiver's city may be the same city or the sender's location and thereceiver's location may be near to each other such that the shippingfacility associated with initially accepting/sorting a package forshipment may be the same facility associated with sorting the packagefor delivery to the receiver.

At 204, the package is ready for dispatching and necessary informationis obtained from the shipping label, for example, by scanning amachine-readable code (e.g., a two-dimensional, machine-readable code)on the shipping label and decrypting a first encrypted piece ofinformation (e.g., the receiver's detailed address), i.e., the status ofthe shipment is in a sorting or dispatching state. This step mayalternatively occur, or similarly occur, at an initial sorting facilityas an initial sorting step (not shown). For example, an initial sortingworker may obtain (and decrypt) the first encrypted piece of information(e.g., the receiver's detailed address) to determine an appropriatesecond sorting facility (e.g., nearest to, or otherwise convenientand/or efficient for delivery to, the receiver's address). The packageis then sorted and dispatched to the appropriate facility or deliveredto the receiver.

The decryption key for the first encrypted piece of information may beprovided when the status of the shipment is in an associated state. Forexample, if the first encrypted piece of information pertains to asorting/dispatching of the package, the first decryption key may beprovided when the status of the shipment is in a sorting/dispatchingstate. However, if the status of the shipment is not in the associatedstate, then the decryption key may not be provided. The method, computerprogram products, and systems disclosed herein may limit the decryptionof various pieces of encrypted information by providing the respectivedecryption keys at predetermined times during the shipment (i.e., whenthe shipment has a predetermined status).

At 205, a delivery person is ready to deliver the package to thereceiver, i.e., the status of the shipment is in a delivering state.Necessary information is obtained from the shipping label, for example,by scanning the two-dimensional, machine-readable code on the shippinglabel and decrypting a second encrypted piece of information (e.g., thereceiver's phone number). For example, a delivery person may be ready todeliver the package to the receiver and may use the second piece of(decrypted) information to contact the receiver to confirm a deliverytime and address.

At 206, the package is ready to be handed over to the receiver and thereceiver's identity is ready to be verified, i.e., the status of theshipment is in a verifying state. Necessary information is obtained fromthe shipping label, for example, by scanning the two-dimensional,machine-readable code on the shipping label and decrypting a thirdencrypted piece of information (e.g., the receiver's full name). Forexample, the delivery person may be ready to hand over the package tothe receiver and may use the third piece of (decrypted) information toverify the identity of the receiver.

FIG. 3 illustrates a second flowchart 300 depicting an exemplary methodfor managing privacy of information on a shipping label associated witha shipment, according to an embodiment. At 301, a plurality of pieces ofinformation associated with the shipment is received. The plurality ofpieces of information may include at least one of information associatedwith a receiver of a shipment and information associated with a senderof a shipment. In one embodiment, at least one piece of information fromthe plurality of pieces of information is obtained from an onlineshopping website. For example, a receiver of the shipment may be ashopper at an online shopping website who provides informationassociated with the receiver, e.g., sensitive information, such as, thereceiver's full name, detailed address, phone number, etc.

At 302, at least two decryption keys associated with at least two piecesof information from the plurality of pieces of information is generated.For example, the at least two pieces of information may pertain tosensitive information, e.g., of a receiver of a shipment or a sender ofa shipment.

At 303, two or more encrypted messages are generated by encrypting theat least two pieces of information based on the at least two decryptionkeys. The two or more encrypted messages include a first encryptedmessage based on a first decryption key associated with a first statusof the shipment and a second encrypted message based on a seconddecryption key associated with a second status of the shipment. Forexample, the first encrypted message may pertain to the receiver'sdetailed address and the message may be encrypted based on a firstdecryption key associated with a delivery status relevant to thereceiver's detailed address, e.g., determining a sorting facility todirect the shipment. The second encrypted message may pertain to thereceiver's phone number and that message may be encrypted based on asecond decryption key associated with a delivery status relevant to thereceiver's phone number, e.g., confirming a delivery time and address.

At 304, a machine-readable code (e.g., a two-dimensional,machine-readable code) including the two or more encrypted messages isgenerated. The encrypted messages may be encoded in the machine-readablecode, which may be decoded by a scanner (or device configured to decodemessages encoded in the machine-readable code) and decrypted with anappropriate decryption key. The machine-readable code may also includeone or more non-encrypted messages.

At 305, a shipping label including the machine-readable code isgenerated. For example, a shipping label may be printed with themachine-readable code. In one embodiment, a shipping label may comprisethe machine-readable code. For example, a machine-readable code may beprinted and serve as a shipping label without any visible, non-encodedshipping information.

At 306, the first decryption key based on the first status of theshipment is provided. For example, the first decryption key may beassociated with a sorting/dispatching status and is provided when thedelivery status is in a sorting/dispatching state.

At 307, the second decryption key based on the second status of theshipment is provided. For example, the second decryption key may beassociated with a confirming delivery time/address status and isprovided when the delivery status is in a confirming deliverytime/address state.

FIG. 4 illustrates a third flowchart 400 and an exemplary user table 405depicting an aspect of an exemplary method for managing privacy ofinformation on a shipping label associated with a shipment, according toan embodiment. At 401, a user scans a machine-readable code (e.g.,two-dimensional, machine-readable code) on the shipping label with adevice capable of capturing images and a processor to decode messagesencoded in the machine-readable code, such as a scanner configured todecode messages encoded in the machine-readable code. Themachine-readable code may include two or more encrypted messages.

At 402, the user may be authenticated for decrypting an encryptedmessage encoded in the machine-readable code. For example, the user'sscan of the machine-readable code is assessed for an appropriatedecryption key associated with an encrypted message. If the user has theappropriate decryption key, the encrypted message may be decrypted andprovided to the user, at 403. If the user does not have the appropriatedecryption key, the encrypted message may not be decrypted, at 404. Inone embodiment, if the user does not have the appropriate decryptionkey, ciphered text is provided instead of the decrypted message.

Exemplary user table 405 provides exemplary users, statuses of delivery,decryption keys, and decrypted messages. For example, a sender of ashipment may not have any decryption keys and therefore may not view anyencrypted messages. A sorting worker may be provided a decryption keyassociated with a sorting status of the shipment and may decrypt andview a message associated with the sorting status, e.g., the detailedaddress of the receiver. A delivery person may be provided a decryptionkey associated with a delivering status of the shipment, which mayinclude confirming delivery time and address. The associated decryptionkey may decrypt a message associated with the delivering status, e.g.,the phone number of the receiver. A delivery person may also be provideda decryption key associated with a verifying status of the shipment,which may include verifying the identification of the receiver. Theassociated decryption key may decrypt a message associated with theverifying status, e.g., the full name of the receiver. In oneembodiment, after the delivery of the shipment to the receiver has beencompleted, e.g., the status of the shipment has been closed, softwareassociated with decrypting the encrypted message(s) may lock out furtherdecryption of the encrypted message(s).

In one embodiment, software on a scanning device determines the statusof the shipment and determines whether to decrypt an encrypted messageencoded in the machine-readable code. For example, a scanning deviceassociated with the first status of the shipment determines that thestatus of the shipment is closed (i.e., the shipment has been deliveredto the receiver) or is no longer in the first status and as a result nolonger decrypts the first encrypted message (despite having the firstdecryption key). Similar processes may apply to other scanning devicesand other statuses of the shipment.

FIG. 5 illustrates a fourth flowchart 500 depicting additional aspectsof an exemplary method for managing privacy of information on a shippinglabel associated with a shipment, according to an embodiment. In oneaspect, fourth flowchart 500 illustrates steps, instructions,operations, and items (e.g., 501-507C) that may be carried out,obtained, executed, and generated, respectively, by a system associatedwith a delivery service. In another aspect, fourth flowchart 500illustrates how various items (e.g., 505, 507A-507C) are handled by, ortransmitted to, various users when the status of the shipment is indifferent states (e.g., initial state, sorting state, delivering state,verifying state).

At 501, a shipping request may be submitted from an online shoppingwebsite, e.g., a website with an application program interface (API)configured to provide shipping information to a shipping service, or theshipping request may be submitted from another source. The shippinginformation from the online shopping website API may include sensitiveinformation about the receiver and/or sender of the shipment. Forexample, a consumer (who will become the receiver of the shipment) mayorder an item from an online shopping website and provide to the onlineshopping website shipping information related to the consumer. Theonline shopping website may submit the shipping request to the shippingdelivery service (and the item to be shipped may be sent to an initialsorting/intake facility associated with the shipping delivery service,or the shipping delivery service may otherwise obtain the item to beshipped).

Another source for a shipping request may include a receiver's orsender's device, e.g., computer, mobile device, etc. Other sources mayinclude any device configured to provide shipping information about ashipment (e.g., receiver and/or sender's detailed address, full name,phone number, etc.) including, but not limited to, a kiosk, a computersystem associated with a delivery service (e.g., a computer systemoperated by delivery service personnel, phone systems, etc.).

If the shipping request is from an online shopping website, e.g., awebsite with an API configured to provide shipping information to ashipping service, at 502, the shipping information including sensitiveinformation about the shipment may be obtained from the website, e.g.,from the website's API.

If the shipping request is from another source, at 503, shippinginformation may be “manually” provided to the delivery service. Theshipping information may provided to the delivery service along with theshipping request, e.g., as entries on an electronic shipping requestform in pre-configured fields associated with the shipping request form.The shipping information provided may include sensitive informationabout the shipment.

At 504, a shipping label associated with the requested shipment may begenerated based on the shipping information obtained or otherwiseprovided. One or more pieces of sensitive information included with theshipping request may be encoded into a machine-readable code (e.g., atwo-dimensional, machine-readable code). One or more pieces of other(e.g., “non-sensitive”) shipping information, such as areceiver/sender's nickname, postal code, phone number, etc., may beprovided (on the shipping label) as visible, non-encoded/non-encrypted,text, and may be considered “public” information.

Generation of the shipping label may be performed by any known orcontemplated method in the art, for example, by extracting informationfrom various databases and other sources and organizing the informationinto a predetermined format. In one embodiment, shipping label 505 maybe generated by a printer, e.g., by printing the shipping information ina predetermined format onto a blank label. Shipping label 505 mayinclude visible, non-encoded/non-encrypted information associated withthe receiver and/or sender and may also include one or moremachine-readable codes containing encrypted information associated withthe receiver and/or sender. In one embodiment, shipping label 505 may beshipping label 100 (depicted in FIG. 1).

At 506, decryption keys associated with two or more pieces ofinformation (e.g., sensitive information) may be generated. Thedecryption keys may form a basis with which to encrypt the two or morepieces of information into encrypted messages that may be encoded intoone or more machine-readable codes that are included in the shippinglabel. At least two of the decryption keys may be associated with adifferent status of the shipment (e.g., sorting, delivering, verifying areceiver's identity, etc.). In this embodiment, three decryptions (i.e.,507A, 507B, 507C) associated with three pieces of information aregenerated.

At 508, the status of the shipment is in an initial state. A sender ofthe shipment may read public information printed on shipping label 505,for example, a receiver's city and/or postal code, and may use suchinformation to estimate shipping costs for the shipment, which may becommunicated to the receiver. The sender, however, may not decryptencrypted messages (containing, e.g., sensitive receiver information)encoded in the machine-readable code printed on shipping label 505.

At 509, the status of the shipment is in a sorting state, for example,at an initial sorting/intake facility. During the sorting state, a firstdecryption key 507A (Key A), may be transmitted to a user or deviceassociated with the sorting state of the shipment, e.g., a sortingworker or sorting device, which may be used to decrypt a first encryptedmessage containing a first piece of (sensitive) information, e.g., thereceiver's detailed address. The decrypted information may be used todetermine an appropriate second sorting facility (e.g., nearest to, orotherwise convenient and/or efficient for delivery to, the receiver'saddress).

At 510, the package may be sent to the appropriate second sortingfacility.

At 511, the status of the shipment is in a delivering state. Forexample, the package has been received at the appropriate second sortingfacility and may be ready to be delivered in-person to the receiver by adelivery person. During the delivering state, a second decryption key507B (Key B), may be transmitted to an user or device associated withthe delivering state of the shipment, e.g., a delivery person or deviceassociated with the delivery person, which may be used to decrypt asecond encrypted message containing a second piece of (sensitive)information, e.g., the receiver's phone number. In one embodiment, thefirst decryption key 507A (Key A) may also be provided, for example, toenable the delivery person to decrypted the first encrypted messagecontaining the receiver's detailed address.

At 512, a delivery person may use the receiver's (decrypted) phonenumber to contact the receiver to confirm a delivery time and/oraddress.

At 513, the status of the shipment is in a verifying state, for example,when the delivery person may be with the receiver and/or may be ready toobtain the receiver's signature (e.g., to accept/confirm delivery of thepackage). During the verifying state, a third decryption key 507C (KeyC), may be transmitted to an user or device associated with theverifying state of the shipment, e.g., the delivery person or deviceassociated with the delivery person, which may be used to decrypt athird encrypted message containing a third piece of (sensitive)information, e.g., the receiver's full name.

At 514, the delivery person may use the receiver's (decrypted) full nameto verify the receiver's identity. Delivery status of the shipment maybe considered closed (i.e., all states have been completed) after thedelivery person verifies the receiver's identify (and optionally obtainsthe receiver's signature) and leaves the package with the receiver.

In one embodiment, the third decryption key 507C (Key C) may betransmitted after a delivery time and/or address are confirmed. Forexample, a delivery person may use the receiver's (decrypted) phonenumber to contact the receiver and after confirming a delivery timeand/or address, the delivery person may notify the delivery service,e.g., via a device associated with the delivery person, that a deliverytime and/or address are confirmed and the shipment will be in averifying state in a relatively short period of time. The decryption keyassociated with the verifying state may be transmitted upon receivingsuch notification. This embodiment may allow the delivery person toaccess the next decryption key without requiring network access, e.g.,to a system/network associated with the delivery service. Thenotification of the delivery status may include any known orcontemplated form of notification including, but not limited to,electronic notification messages, etc.

In one embodiment, a notification associated with the sorting status isreceived. The notification may be sent by a user or device associatedwith the sorting state of the shipment and may pertain to commencing,conducting, and/or completing the sorting of the package.

In one embodiment, a notification associated with the delivering statusis received. The notification may be sent by a user or device associatedwith the delivering state of the shipment and may pertain to commencing,conducting, and/or completing the delivering of the package.

In one embodiment, a notification associated with the verifying statusis received. The notification may be sent by a user or device associatedwith the verifying state of the shipment and may pertain to commencing,conducting, and/or completing the verification of the receiver'sidentity.

FIGS. 6A-6E illustrate various exemplary graphical user interfaces(GUIs) that may be displayed on devices associated with the GUIs and/ora delivery service. A device may include an image capturing device(e.g., camera, lens, etc.) and/or scanner and processor configured todecode messages encoded in a machine-readable code (e.g., atwo-dimensional, machine-readable code, such as a QR Code™). In oneembodiment, the device may be a user's mobile device, such as a smartphone or the like. The GUIs disclosed herein may represent a single GUIfrom different perspectives (e.g., different users) and/or duringdifferent states of shipment status.

FIG. 6A illustrates an exemplary GUI associated with a method formanaging privacy of information on a shipping label associated with ashipment from the perspective of a receiver of the shipment (receiverGUI 600), according to an embodiment. Receiver GUI 600 may includefields in a first section associated with information that may bevisible, non-encrypted/non-encoded text (i.e., “public information”) ona shipping label and a second section associated with information thatmay be encrypted and encoded into a machine-readable code included onthe shipping label (i.e., “sensitive information” or encryptedinformation).

The fields associated with public information may include a nicknamefield 601, a city field 602, and a postal code (or ZIP code) field 603.The receiver may populate these fields with information that other usersmay refer to during the shipment process without having to obtain adecryption key.

The fields associated with encrypted information may include a full namefield 604, a detailed address field 605, and a phone number field 606.The receiver may populate these fields with information that may be usedduring the shipment process, e.g., at various stages of the shipmentprocess, but will be encrypted and encoded into a machine-readable code.The detailed address may include a house number, building number, suite,street address, etc.

Receiver GUI 600 may also include various buttons associated with anapplication associated with the GUI and/or delivery service, such as aconfirmation button 607 and a cancellation button 608. Informationprovided through receiver GUI 600 may be provided to a delivery service.For example, the information provided in the described fields may betransmitted to a delivery service after the user/receiver selects theconfirmation button 607.

In one embodiment, the information provided in the fields associatedwith the encrypted information (e.g., the full name field 604, thedetailed address field 605, the phone number 606) respectively representthree pieces of information and each of these three pieces ofinformation may be encrypted as a separate encrypted message based on aunique decryption key.

FIG. 6B illustrates an exemplary GUI associated with a method formanaging privacy of information on a shipping label associated with ashipment from the perspective of a sender of the shipment (sender GUI610), according to an embodiment. A sender of a shipment may use senderGUI 610 to access limited shipping information, e.g., associated withthe receiver. Similar to receiver GUI 600, sender GUI 610 may include afirst section associated with a receiver's public information and asecond section associated with a receiver's sensitive information orencrypted information.

The fields associated with the receiver's public information may includethe receiver's nickname field 611, the receiver's city field 612, andthe receiver's postal code (or ZIP code) field 613. However, sender GUI610 may differ from receiver GUI 600 in that the fields associated withthe receiver's public information may not be editable (with sender GUI610).

The fields associated with the receiver's encrypted information mayinclude the receiver's full name field 614, the receiver's detailedaddress field 615, and the receiver's phone number field 616. However,sender GUI 610 may differ from receiver GUI 600 in that the fieldsassociated with the receiver's encrypted information are populated withciphered text.

Sender GUI 610 may also include various buttons associated with anapplication associated with the GUI and/or delivery service, such as aconfirmation button 607 and a cancellation button 608. For example,confirmation button 607 may be used to notify a delivery service that asender has viewed and confirmed receiving the receiver's publicinformation.

FIG. 6C illustrates an exemplary GUI associated with a method formanaging privacy of information on a shipping label associated with ashipment from the perspective of a sorting worker of the shipment(sorting GUI 620), according to an embodiment. A sorting working may usesorting GUI 620 to access limited shipping information, e.g., associatedwith the receiver. Similar to sender GUI 610, sorting GUI 620 mayinclude a first section associated with a receiver's public information(which may include fields that are not editable) and a second sectionassociated with the receiver's sensitive information or encryptedinformation (which may include fields populated with ciphered text).

However, when the status of the shipment is in an appropriate state,e.g., in a sorting state, and the device associated with sorting GUI 620has the appropriate decryption key, sorting GUI 620 may differ fromsender GUI 610 in that one or more fields associated with the receiver'ssensitive/encrypted information is decrypted. For example, the deviceassociated with sorting GUI 620 may have the decryption key associatedwith the sorting state of the shipment and a field associated withinformation relevant to the sorting state may be decrypted, e.g., thereceiver's decrypted detailed address field 625. The other encryptedfields may remain encrypted.

Sorting GUI 620 may also include various buttons associated with anapplication associated with the GUI and/or delivery service, such as aconfirmation button 607 and a cancellation button 608. For example,confirmation button 607 (or another button) may be used to notify thedelivery service that the sorting status of the shipment has commenced,is in progress, or has been completed.

FIG. 6D illustrates an exemplary GUI associated with a method formanaging privacy of information on a shipping label associated with ashipment from the perspective of a delivery person of the shipmentduring a delivery state of the shipment (delivering GUI 630), accordingto an embodiment. A delivery person may use delivering GUI 630 to accesslimited shipping information, e.g., associated with the receiver.Similar to sender GUI 610, delivering GUI 630 may include a firstsection associated with a receiver's public information (which mayinclude fields that are not editable) and a second section associatedwith the receiver's sensitive information or encrypted information(which may include fields populated with ciphered text).

However, when the status of the shipment is in an appropriate state,e.g., in a delivering state, and the device associated with deliveringGUI 630 has the appropriate decryption key, delivering GUI 630 maydiffer from sender GUI 610 in that one or more fields associated withthe receiver's sensitive/encrypted information is decrypted. Forexample, the device associated with delivering GUI 630 may have thedecryption key associated with the delivering state of the shipment anda field associated with information relevant to the delivering state maybe decrypted, e.g., the receiver's phone number field 635. The otherencrypted fields may remain encrypted.

In one embodiment, a decryption key associated with an earlier status ofthe shipment may be transmitted to the device associated with anotherstatus of the shipment. For example, a device associated with deliveringGUI 630 may also have the decryption key associated with the sortingstatus and the encrypted information associated with the sorting statemay be decrypted, e.g., the receiver's decrypted detailed address field625.

Delivering GUI 630 may also include various buttons associated with anapplication associated with the GUI and/or delivery service, such as aconfirmation button 607 and a cancellation button 608. For example,confirmation button 607 (or another button) may be used to notify thedelivery service that the delivering status of the shipment hascommenced, is in progress, or has been completed.

FIG. 6E illustrates an exemplary GUI associated with a method formanaging privacy of information on a shipping label associated with ashipment from the perspective of a delivery person of the shipmentduring an identification verification state of the shipment (verifyingGUI 640), according to an embodiment. Similar to delivering GUI 630,verifying GUI 640 may include a first section associated with areceiver's public information (which may include fields that are noteditable) and a second section associated with the receiver's sensitiveinformation or encrypted information (which may include fields populatedwith ciphered text).

However, when the status of the shipment is in an appropriate state,e.g., in a verifying state, and the device associated with verifying GUI640 has the appropriate decryption key, verifying GUI 640 may differfrom delivering GUI 630 in that another one or more fields associatedwith the receiver's sensitive/encrypted information is decrypted. Forexample, the device associated with verifying GUI 640 may have thedecryption key associated with the verifying state of the shipment and afield associated with information relevant to the verifying state may bedecrypted, e.g., the receiver's decrypted full name field 644. The otherencrypted fields may remain encrypted.

In one embodiment, an application associated with one or more of theGUI's disclosed herein includes additional security features to limitaccess to encrypted information encoded in the one or moremachine-readable codes included on the shipping label. For example, theapplication may obtain a decryption key and may also require that theshipment is in an appropriate status prior to decrypting a desiredencrypted message encoded in the one or more machine-readable codes. Insuch embodiments, the application may prevent decryption of an encryptedmessage even though the application may have a corresponding decryptionkey because the shipment does not have the appropriate status, e.g., theshipment has been completed and the shipment status is closed. Thestatus of a shipment may be communicated to the application, e.g., as anotification that is transmitted to/from other applications or devicesassociated with the delivery service.

In one embodiment, two or more encrypted messages are generated byencrypting at least two pieces of information, which may include atleast one of a receiver and/or sender's full name, a receiver and/orsender's phone number, and a receiver and/or sender's detailed address.

In one embodiment, encrypted and non-encrypted information may beencoded in the machine-readable code (e.g., a two-dimensional,machine-readable code) on the shipping label. For example, one or morepieces of information may be encoded in a two-dimensional,machine-readable code that may be decoded by a scanner (or deviceconfigured to decode messages encoded in the two-dimensional,machine-readable code) without a decryption key or the like. In oneembodiment, one or more of the visible, non-encrypted/non-encoded piecesof information on the shipping label may also be encoded in themachine-readable code. In one embodiment, one or more additional piecesof information (beyond the visible, non-encrypted/non-encoded pieces ofinformation and the encrypted information) may be encoded in themachine-readable code.

In one embodiment, the machine-readable code is a two-dimensional,machine-readable code.

In one embodiment, a first decryption key is provided to a first userand a second decryption key is provided to a second user.

In one embodiment, a third encrypted message is encrypted based on athird decryption key, the third decryption key is associated with athird status of the shipment that is different from a first status ofthe shipment and a second status of the shipment, and the thirdencrypted message is included in the machine-readable code, and themethod further includes providing the third decryption key based on thethird status of the shipment.

In one embodiment, two or more encrypted messages are merged into onemerged encrypted message.

In one embodiment, the shipping label is affixed to a package associatedwith the shipment.

In one embodiment, the shipping label includes non-encryptedinformation.

In one embodiment, at least two pieces of information include at leastone of information associated with a receiver of the shipment andinformation associated with a sender of the shipment. In anotherembodiment, the machine-readable code contains information for thereceiver of the shipment, and wherein the shipping label furtherincludes an additional machine-readable code containing information forthe sender of the shipment. In one embodiment, the additionalmachine-readable code is an additional two-dimensional, machine-readablecode.

In one embodiment, providing the first decryption key comprisestransmitting the first decryption key to a user associated with a firststatus of the shipment, and wherein providing the second decryption keycomprises transmitting the second decryption key to a user associatedwith a second status of the shipment. In one embodiment, the userassociated with the first status of the shipment is different from theuser associated with the second status of the shipment.

In one embodiment, the method for managing privacy of information on ashipping label associated with a shipment further includes receiving anotification associated with the first status of the shipment. Inanother embodiment, the method further includes receiving a notificationthat the first status of the shipment is completed, and providing thesecond decryption key in response to the notification that the firststatus of the shipment is completed.

In another embodiment, the method further includes receiving anotification that the first status of the shipment is completed andproviding the second decryption key in response to the notification thatthe first status of the shipment is completed, and receiving anotification that the second status of the shipment is completed andproviding the third decryption key in response to the notification thatthe second status of the shipment is completed.

FIG. 7 depicts a schematic illustrating an example of a computing node.Computing node 10 is only one example of a suitable computing node andis not intended to suggest any limitation as to the scope of use orfunctionality of embodiments of the invention described herein.Regardless, computing node 10 is capable of being implemented and/orperforming any of the functionality set forth hereinabove.

In computing node 10 there is a computer system/server 12, which isoperational with numerous other general purpose or special purposecomputing system environments or configurations. Examples of well-knowncomputing systems, environments, and/or configurations that may besuitable for use with computer system/server 12 include, but are notlimited to, personal computer systems, server computer systems, thinclients, thick clients, hand-held or laptop devices, multiprocessorsystems, microprocessor-based systems, set top boxes, programmableconsumer electronics, network PCs, minicomputer systems, mainframecomputer systems, and distributed computing environments that includeany of the above systems or devices, and the like.

Computer system/server 12 may be described in the general context ofcomputer system-executable instructions, such as program modules, beingexecuted by a computer system. Generally, program modules may includeroutines, programs, objects, components, logic, data structures, and soon that perform particular tasks or implement particular abstract datatypes. Computer system/server 12 may be practiced in distributedcomputing environments where tasks are performed by remote processingdevices that are linked through a communications network. In adistributed computing environment, program modules may be located inboth local and remote computer system storage media including memorystorage devices.

As shown in FIG. 7, computer system/server 12 in computing node 10 isshown in the form of a general-purpose computing device. The componentsof computer system/server 12 may include, but are not limited to, one ormore processors or processing units 16, a system memory 28, and a bus 18that couples various system components including system memory 28 toprocessor 16.

Bus 18 represents one or more of any of several types of bus structures,including a memory bus or memory controller, a peripheral bus, anaccelerated graphics port, and a processor or local bus using any of avariety of bus architectures. By way of example, and not limitation,such architectures include Industry Standard Architecture (ISA) bus,Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, VideoElectronics Standards Association (VESA) local bus, and PeripheralComponent Interconnects (PCI) bus.

Computer system/server 12 typically includes a variety of computersystem readable media. Such media may be any available media that isaccessible by computer system/server 12, and it includes both volatileand non-volatile media, removable and non-removable media.

System memory 28 can include computer system readable media in the formof volatile memory, such as random access memory (RAM) 30 and/or cachememory 32. Computer system/server 12 may further include otherremovable/non-removable, volatile/non-volatile computer system storagemedia. By way of example only, storage system 34 can be provided forreading from and writing to a non-removable, non-volatile magnetic media(not shown and typically called a “hard drive”). Although not shown, amagnetic disk drive for reading from and writing to a removable,non-volatile magnetic disk (e.g., a “floppy disk”), and an optical diskdrive for reading from or writing to a removable, non-volatile opticaldisk such as a CD-ROM, DVD-ROM or other optical media can be provided.In such instances, each can be connected to bus 18 by one or more datamedia interfaces. As will be further depicted and described below,memory 28 may include at least one program product having a set (e.g.,at least one) of program modules that are configured to carry out thefunctions of embodiments of the invention.

Program/utility 40, having a set (at least one) of program modules 42,may be stored in memory 28 by way of example, and not limitation, aswell as an operating system, one or more application programs, otherprogram modules, and program data. Each of the operating system, one ormore application programs, other program modules, and program data orsome combination thereof, may include an implementation of a networkingenvironment. Program modules 42 generally carry out the functions and/ormethodologies of embodiments of the invention as described herein.

Computer system/server 12 may also communicate with one or more externaldevices 14 such as a keyboard, a pointing device, a display 24, etc.;one or more devices that enable a user to interact with computersystem/server 12; and/or any devices (e.g., network card, modem, etc.)that enable computer system/server 12 to communicate with one or moreother computing devices. Such communication can occur via Input/Output(I/O) interfaces 22. Still yet, computer system/server 12 cancommunicate with one or more networks such as a local area network(LAN), a general wide area network (WAN), and/or a public network (e.g.,the Internet) via network adapter 20. As depicted, network adapter 20communicates with the other components of computer system/server 12 viabus 18. It should be understood that although not shown, other hardwareand/or software components could be used in conjunction with computersystem/server 12. Examples, include, but are not limited to: microcode,device drivers, redundant processing units, external disk drive arrays,RAID systems, tape drives, and data archival storage systems, etc.

The present invention may be a system, a method, and/or a computerprogram product at any possible technical detail level of integration.The computer program product may include a computer readable storagemedium (or media) having computer readable program instructions thereonfor causing a processor to carry out aspects of the present invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, configuration data for integrated circuitry, oreither source code or object code written in any combination of one ormore programming languages, including an object oriented programminglanguage such as Smalltalk, C++, or the like, and procedural programminglanguages, such as the “C” programming language or similar programminglanguages. The computer readable program instructions may executeentirely on the user's computer, partly on the user's computer, as astand-alone software package, partly on the user's computer and partlyon a remote computer or entirely on the remote computer or server. Inthe latter scenario, the remote computer may be connected to the user'scomputer through any type of network, including a local area network(LAN) or a wide area network (WAN), or the connection may be made to anexternal computer (for example, through the Internet using an InternetService Provider). In some embodiments, electronic circuitry including,for example, programmable logic circuitry, field-programmable gatearrays (FPGA), or programmable logic arrays (PLA) may execute thecomputer readable program instructions by utilizing state information ofthe computer readable program instructions to personalize the electroniccircuitry, in order to perform aspects of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the blocks may occur out of theorder noted in the Figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts or carry out combinations of special purpose hardwareand computer instructions.

Detailed embodiments of the claimed structures and methods are disclosedherein; however, it can be understood that the disclosed embodiments aremerely illustrative of the claimed structures and methods that may beembodied in various forms. This invention may, however, be embodied inmany different forms and should not be construed as limited to theexemplary embodiments set forth herein. Rather, these exemplaryembodiments are provided so that this disclosure will be thorough andcomplete and will fully convey the scope of this invention to thoseskilled in the art. In the description, details of well-known featuresand techniques may be omitted to avoid unnecessarily obscuring thepresented embodiments.

References in the specification to “one embodiment”, “an embodiment”,“an example embodiment”, etc., indicate that the embodiment describedmay include a particular feature, structure, or characteristic, butevery embodiment may not necessarily include the particular feature,structure, or characteristic. Moreover, such phrases are not necessarilyreferring to the same embodiment. Further, when a particular feature,structure, or characteristic is described in connection with anembodiment, it is submitted that it is within the knowledge of oneskilled in the art to affect such feature, structure, or characteristicin connection with other embodiments whether or not explicitlydescribed.

The descriptions of the various embodiments of the present inventionhave been presented for purposes of illustration, but are not intendedto be exhaustive or limited to the embodiments disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope and spirit of the invention.The terminology used herein was chosen to best explain the principles ofthe embodiment, the practical application or technical improvement overtechnologies found in the marketplace, or to enable others of ordinaryskill in the art to understand the embodiments disclosed herein.

What is claimed is:
 1. A method for managing privacy of information on ashipping label associated with a shipment, the method comprising:receiving a plurality of pieces of information associated with theshipment; generating at least two decryption keys associated with atleast two pieces of information from the plurality of pieces ofinformation; generating two or more encrypted messages by encrypting theat least two pieces of information based on the at least two decryptionkeys, wherein a first encrypted message is encrypted based on a firstdecryption key and a second encrypted message is encrypted based on asecond decryption key, and wherein the first decryption key isassociated with a first status of the shipment that is different from asecond status of the shipment associated with the second decryption key;generating a machine-readable code including the two or more encryptedmessages; generating the shipping label, wherein the shipping labelincludes the machine-readable code; providing the first decryption keybased on the first status of the shipment; and providing the seconddecryption key based on the second status of the shipment.
 2. The methodaccording to claim 1, wherein the machine-readable code is atwo-dimensional, machine-readable code.
 3. The method according to claim1, wherein the first decryption key is provided to a first user and thesecond decryption key is provided to a second user.
 4. The methodaccording to claim 1, wherein a third encrypted message is encryptedbased on a third decryption key, wherein the third decryption key isassociated with a third status of the shipment that is different fromthe first status of the shipment and the second status of the shipment,and wherein the third encrypted message is included in themachine-readable code, and the method further comprising: providing thethird decryption key based on the third status of the shipment.
 5. Themethod according to claim 1, wherein the two or more encrypted messagesare merged into one merged encrypted message.
 6. The method according toclaim 1, wherein the shipping label is affixed to a package associatedwith the shipment.
 7. The method according to claim 1, wherein theshipping label includes non-encrypted information.
 8. The methodaccording to claim 1, wherein the at least two pieces of informationinclude at least one of information associated with a receiver of theshipment and information associated with a sender of the shipment. 9.The method according to claim 8, wherein the machine-readable codecontains information for the receiver of the shipment, and wherein theshipping label further includes an additional machine-readable codecontaining information for the sender of the shipment.
 10. The methodaccording to claim 9, wherein the additional machine-readable code is anadditional two-dimensional, machine-readable code.
 11. The methodaccording to claim 1, wherein providing the first decryption keycomprises transmitting the first decryption key to a user associatedwith the first status of the shipment, and wherein providing the seconddecryption key comprises transmitting the second decryption key to auser associated with the second status of the shipment.
 12. The methodaccording to claim 1, further comprising: receiving a notificationassociated with the first status of the shipment.
 13. The methodaccording to claim 1, further comprising: receiving a notification thatthe first status of the shipment is completed, and wherein providing thesecond decryption key is in response to the notification that the firststatus of the shipment is completed.
 14. The method according to claim4, further comprising: receiving a notification that the first status ofthe shipment is completed, and wherein providing the second decryptionkey is in response to the notification that the first status of theshipment is completed, and receiving a notification that the secondstatus of the shipment is completed, and wherein providing the thirddecryption key is in response to the notification that the second statusof the shipment is completed.
 15. A computer program product formanaging privacy of information on a shipping label associated with ashipment, the computer program product comprising at least one computerreadable non-transitory storage medium having computer readable programinstructions thereon for execution by a processor, the computer readableprogram instructions comprising program instructions for: receiving aplurality of pieces of information associated with the shipment;generating at least two decryption keys associated with at least twopieces of information from the plurality of pieces of information;generating two or more encrypted messages by encrypting the at least twopieces of information based on the at least two decryption keys, whereina first encrypted message is encrypted based on a first decryption keyand a second encrypted message is encrypted based on a second decryptionkey, and wherein the first decryption key is associated with a firststatus of the shipment that is different from a second status of theshipment associated with the second decryption key; generating amachine-readable code including the two or more encrypted messages;generating the shipping label, wherein the shipping label includes themachine-readable code; providing the first decryption key based on thefirst status of the shipment; and providing the second decryption keybased on the second status of the shipment.
 16. The computer programproduct according to claim 15, wherein the machine-readable code is atwo-dimensional, machine-readable code.
 17. The computer program productaccording to claim 15, wherein a third encrypted message is encryptedbased on a third decryption key, wherein the third decryption key isassociated with a third status of the shipment that is different fromthe first status of the shipment and the second status of the shipment,and wherein the third encrypted message is included in themachine-readable code, and the method further comprising: providing thethird decryption key based on the third status of the shipment.
 18. Acomputer system for managing privacy of information on a shipping labelassociated with a shipment, the computer system comprising: at least oneprocessing unit; at least one computer readable memory; at least onecomputer readable tangible, non-transitory storage medium; and programinstructions stored on the at least one computer readable tangible,non-transitory storage medium for execution by the at least oneprocessing unit via the at least one computer readable memory, whereinthe program instructions comprise program instructions for: receiving aplurality of pieces of information associated with the shipment;generating at least two decryption keys associated with at least twopieces of information from the plurality of pieces of information;generating two or more encrypted messages by encrypting the at least twopieces of information based on the at least two decryption keys, whereina first encrypted message is encrypted based on a first decryption keyand a second encrypted message is encrypted based on a second decryptionkey, and wherein the first decryption key is associated with a firststatus of the shipment that is different from a second status of theshipment associated with the second decryption key; generating amachine-readable code including the two or more encrypted messages;generating the shipping label, wherein the shipping label includes themachine-readable code; providing the first decryption key based on thefirst status of the shipment; and providing the second decryption keybased on the second status of the shipment.
 19. The computer systemaccording to claim 18, wherein the machine-readable code is atwo-dimensional, machine-readable code.
 20. The computer systemaccording to claim 18, wherein a third encrypted message is encryptedbased on a third decryption key, wherein the third decryption key isassociated with a third status of the shipment that is different fromthe first status of the shipment and the second status of the shipment,and wherein the third encrypted message is included in themachine-readable code, and the method further comprising: providing thethird decryption key based on the third status of the shipment.